Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)
|
|
- Marcus McCoy
- 5 years ago
- Views:
Transcription
1 Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures It was already known to Eudoxus (375 BC), and it is described in the Euclid s Elements (300 BC) It is of fundamental importance and occurs in many computational tasks We write a b for integers a, b, if a is a divisor of b, ie, if there exists a k Z with b = k a Definition 11 For two nonnegative integers a, b let gcd(a, b) = max{f : f a and f b} By convention, gcd(0, 0) = 0 If gcd(a 1,, a n ) = 1 then a 1,, a n are called relatively prime or coprime Measure of complexity: log n for an input n (bit-length of n) Euclid s algorithm: Euclid s algorithm provides an efficient (polynomial time) computation of the gcd It is based on a fundamental property of integers: divison with remainder: For integers a, b 0 there exist m, r Z with Euclid s algorithm: a = mb + r and 0 r < b Input: a, b N Output: r j 1 = gcd(a, b) Method: Set r 1 = a, r 0 = b Compute by division with remainder successively r 1,, r j 1 with b > r 1 > > r j 1 > r j = 0, until no remainder occurs Ie, r i+1 is the remainder in the division of r i 1 by r i : with m 1,, m j Z r 1 = m 1 r 0 + r 1, r 0 = m 2 r 1 + r 2, r i 1 = m i+1 r i + r i+1, r j 3 = m j 1 r j 2 + r j 1, r j 2 = m j r j 1, Termination: Since the remainders r i are falling monotonically, the algorithm terminates after finitely many steps 1
2 2 Correctness: r j 1 divides successively r j 2, r j 3,, r 0 = b and r 1 = a (just consider successively the equations r i 1 = m i+1 r i +r i+1 ) If, conversely, z divides both a and b, then z successively also divides r 1,, r j 1 (this results from the equations r i+1 = r i 1 m i+1 r i ) Example For a = 9876, b = 3456 we obtain Ie gcd(9876, 3456) = = , 3456 = , 2964 = , 492 = (+ 0) By substituting r j 1, r j,, r 0 into the expression for r j we also obtain a linear combination of the gcd in terms of the inputs a and b (In the example this yields gcd(9876, 3456) = 12 = ) Theorem 12 For all integers a, b > 0 there exist integers x and y such that gcd(a, b) = ax + by Moreover, the gcd and x and y can be computed in polynomial time Proof The worst-case running time of the algorithm can be bounded by considering a and b for which the maximal numbers of divisions occur Wlog assume a > b > 0 (In case b > a, a and b are swapped in the first step) The smallest pair (a, b) (in the sense (a 1, b 1 ) < (a 2, b 2 ) (b 1 < b 2 or (b 1 = b 2 and a 1 < a 2 ))), for which j divisions are required, is obtained by choosing r j 1 and the m i as small as possible: m 1 = = m j 1 = 1, m j = 2 and r j 1 = 1 (m j = 1 is excluded, since r j = 0 would then imply r j 1 = r j 2 ) The equations r j 1 = 1, r j 2 = 2, r i 1 = r i + r i+1 for i = j 2,, 0 then determine r 1 = a and r 0 = b uniquely This yields a connection to the Fibonacci sequence 0, 1, 1, 2, 3, 5, 8, 13 : For inputs a > b > 0, Euclid s algorithm requires at most c ln(b 5) divisions, with c = (ln ) 1 208
3 2 Z m: INTEGERS MODULO m 3 2 Z m : Integers modulo m When computing with integers it is often advantageous not to operate with the numbers themselves, but instead with the remainders which occur in the division by a fixed modulus m 2 Recall the ring Z m of integers modulo m Definition 21 Let m N and a, b Z a and b are congruent modulo m if m (b a), ie, if a mod m = b mod m Notation: a b (mod m) Let Z m = {0, 1,, m 1} In Z m we can define the addition and multiplication modulo m (Z m, +) forms a group under addition modulo m Let Z m = {x Z m : gcd(x, m) = 1} Then Z m forms a group under multiplication modulo m (Notice that 0 Z m) Q: How to compute the (multiplicative) inverse of an element a Z m in polynomial time? As an application of efficiently computing the inverse we present the following constructive version of the Chinese Remainder Theorem, which allows to decompose computational problems into smaller problems In order to achieve this, an integer a is replaced by a tuple (a 1,, a k ) of integers, which is obtained by considering a modulo k given, pairwise relatively prime moduli m 1,, m k Since computations on a carry over in a canonical way to the a i, we can work with the remainders modulo m i This strategy requires that at the end of a computation one can reconstruct the number back from the remainders An answer to this question of reconstructability is given by the Chinese Remainder Theorem, which in a special case was already known to to Sun Tsu 300 AD Theorem 22 Let m 1,, m k N pairwise relatively prime and m := m 1 m k For any sequence of residues a 1 Z m1,, a k Z mk, there exists a unique x Z m such that x a 1 (mod m 1 ), x a 2 (mod m 2 ),, x a k (mod m k ), Moreover, a can be computed in polynomial time Proof Existence and algorithm: Let e i, 1 i k, be solutions of the system of equations for the special case a i = 1, a j = 0 for j i ( basis solutions ) Set m i := j i m j = m m i Since the moduli m 1,, m k are pairwise coprime, we have gcd(m i, m i) = 1 Hence, there exists an inverse element t i of m i modulo m i, and it can be computed in polynomial time We set e i := m i t i
4 4 Then, by definition of m i, as desired { 1 (mod m i ), e i 0 (mod m j ) for j i The basis solutions can be put together to a solution x = k a i e i i=1 of the original system Uniqueness: Uniqueness of the choice of r follows from a simple counting argument The number of distinct choices of each r i is m i, and so there are exactly m distinct sequences (r i ) By the existence proof each such sequence has at least one associated r Z m, which defines an injective mapping from Z m1 Z mk Z m However, since the cardinalities of the two sets are equal, the mapping must be bijective Example We ask for a solution to the system x 2 (mod 3), x 3 (mod 5), x 4 (mod 7) We have m 1 = 5 7 = 35, m 2 = 3 7 = 21, m 3 = 3 5 = 15 From 1 = gcd(3, 35) = , 1 = gcd(5, 21) = , 1 = gcd(7, 15) = we obtain the basis solutions e 1 = 35, e 2 = 21, e 3 = 15 Consequently, is the solution to the congruence 2 ( 35) = 53 3 Euler s totient function and Fermat s Little Theorem Computing in Z n is of fundamental importance for algorithm design and in modern cryptography (which is essentially based on prime number concepts) Definition 31 Euler s totient function ϕ(n) is defined to be the number of elements of Z n that are coprime to n, ie, ϕ(n) = Z n Example ϕ(6) = 2, ϕ(8) = 4, ϕ(12) = {1, 5, 7, 11} = 4 If the prime factorization of a number n is known, then ϕ(n) can be computed in polynomial time
5 3 EULER S TOTIENT FUNCTION AND FERMAT S LITTLE THEOREM 5 Theorem 32 Let n have the prime factorization p e 1 1 p e 2 2 p er r primes p i and exponents e i > 0 Then ϕ(n) = r i=1 p e i 1 i (p i 1) Proof The proof follows from the following three statements i) For prime p we have ϕ(p) = p 1 with pairwise distinct ii) For prime p and e > 0, ϕ(p e ) = p e 1 (p 1) This follows from the observation that among all numbers in Z n exactly the numbers 0, p, 2p,, (p e 1 1)p do not belong to Z pe, ie, ( ϕ(p e ) = p e p e 1 = p e 1 1 ) p iii) For m and n with gcd(m, n) = 1, ϕ(mn) = ϕ(m)ϕ(n) By the Chinesische Remainder Theorem, the mapping Z m n Z m Z n, a mod (m n) (a mod m, a mod n) is bijective Since gcd(a, mn) = 1 if and only if gcd(a, m) = 1 and gcd(a, n) = 1, the induced mapping is bijective as well Z m Z m Z n, a mod (m n) (a mod m, a mod n) If the prime factorization is not known, then computing ϕ(n) is essentially as hard as factoring Euler s totient function is used, eg, in the RSA coding scheme The following Theorem of Euler is of fundamental importance As usual, we write a n := a } {{ a} n times Theorem 33 (Euler s Theorem) For all n N and a Z n we have a ϕ(n) 1 (mod n) Proof Let Z n =: {a 1,, a ϕ(n) } Further let a Z n arbitrary Bijectivity of the left translation L a : Z n Z n, x ax implies that then {aa 1,, aa ϕ(n) } = Z n as well Multiplication of all elements in the two sets yields a 1 a ϕ(n) in Z n and after cancelling down a ϕ(n) = 1 = aa 1 aa ϕ(n) Corollary 34 (Fermat s Little Theorem) For prime p and x Z p, a p a (mod p)
6 6 Proof For a 0 (mod p) the statement is obvious, and for a 0 the property ϕ(p) = p 1 implies a p 1 1 (mod p) 4 Quadratic residues The exponentiation problem to compute y = x a (mod n) given x, a and n can be done in polynomial time (using iterative squaring) The inverse problem of root finding given a, y and n, find an x with y = x a (mod n) is in general much harder Here, we describe an algorithm for finding square roots when n is prime Definition 41 A number a Z n is said to be a quadratic residue if there exists some x Z n such that a = x 2 (mod n) Otherwise a is called a quadratic non-residue We consider a prime modulus p From elementary number theory, it is known that the multiplicative group Z p is cyclic Eg Z 7 is generated by the element 3, since {30 mod 7, 3 1 mod 7, 3 2 mo {1, 3, 2, 6, 4, 5} = Z 7 Lemma 42 Let p be an odd prime and g Z p be any generator Then, gk is a quadratic residue if and only if k is even Proof If k even: clear If k odd: Let k = 2l + 1 and assume for contradiction that there exists an x Z p such that x 2 g 2l+1 (mod p) But since g is a generator, x = g m for some m 0 Hence, g 2m g 2l+1 (mod p), and switching to the additive group modulo ϕ(p), we can restate this as 2m 2l +1 (mod ϕ(p)) Since ϕ(p) = p 1, we can conclude that (p 1) (2l 2m+1) But p 1 is even and 2l 2m + 1 is odd, giving a contradiction Theorem 43 (Euler s Criterion) For prime p, an element a Z p is a quadratic residue if and only if a p (mod p) Proof Let g be any generator of the cyclic group Z p If a is a quadratic residue then let x = g k be a square root of a Hence a g 2k (mod p), and therefore a p 1 2 g k(p 1) (g p 1 ) k 1 k 1 (mod p) Conversely, if a is not a quadratic residue, then by the previous lemma we know that a is an odd power of g Assuming that a = g 2l+1, we obtain a p 1 2 g l(p 1) g p 1 2 g p 1 2 (mod p) Since g has order p 1, the last term cannot be congruent to 1 Using Euler s Criterion, there exists an efficient algorithm for deciding quadratic residuity
7 5 PRIMALITY TESTING 7 Corollary 44 For prime p and a Z p it can be decided in polynomial time whether a is a quadratic residue modulo p 5 Primality testing Motivation: eg, generation of large primes for cryptography Primality testing is a fascinating and rich topic, and in 2002 Agrawal, Manindran, and Saxena have succeeded to show that this problem can be decided in polynomial time, see eg, the survey article F Bornemann, Primes is in P: A breakthrough for everyman, Notices of the AMS 05/2003, Many primality tests (also the AKS algorithm) are essentially based on ideas of Fermat s Little Theorem This theorem tells us: Let N N If an a N, 0 < a < N with a N 1 1 (mod N) exists, then N is not prime Definition 51 Let N be a composite number N is called pseudoprime wrt the basis a if N satisfies the property a N 1 1 (mod N) N is called Carmichael number if N is pseudoprime for all a Z N The numbers a Z N which satisfy the Fermat identity constitute a subgroup of Z N The order of this subgroup is either ϕ(n) or (in case of a proper subgroup) at most ϕ(n)/2 Thus: Theorem 52 (r-fold Fermat test) Let N N such that there exists an a Z N with a N 1 1 (mod N) Then for randomly chosen, independent a 1,, a r Z N, Prob ( a N 1 i 1 (mod N) for 1 i r ) 2 r The r-fold Fermat test can recognize the compositeness of a non-carmichael number with probability 1 2 r It cannot recognize the compositeness of a Carmichael number For many practical purposes, the Fermat test is sufficient, since Carmichael numbers occur very seldomly In fact, until the early 90 s it was even unknown if there are infinitely many Carmichael numbers at all The following randomized algorithm (Miller-Rabin test) extends the Fermat test to Carmichael numbers Let N be odd and consider a N 1 for a random a Z N \ {0} If this is not 1, then we have proved that N is composite Otherwise, we keep replacing this (even) power of a by its precomputed square root until the result is something other than ±1 or until we have reduced it to an odd power of a If we reach a square root of 1 other than ±1 then N is composite (because for a prime number N any quadratic residue has exactly two square roots) Otherwise the algorithm claims that N is prime, and this is the only place where it can make an error
8 8 Primality test of Miller-Rabin: Input: Odd number N Output: Prime or Composite (1) Compute r and R such that N 1 = 2 r R, and R is odd (2) Choose a uniformly at random from Z N \ {0} (3) For i = 0 to r compute b i = a 2iR (4) If a N 1 = b r 1 (mod N) then return Composite (5) If a R = b 0 1 (mod N) then return Prime (6) Let j = max{i : b i 1 (mod N)} (7) If b j 1 (mod N) then Return Prime Else Return Composite For prime N, this algorithm always returns Prime Moreover, it can be shown that the algorithm returns Prime on a composite input N with probability at most 1/2: Theorem 53 Let N N be odd and composite, N 1 = 2 r R with R odd Then for random a Z N we have ( ) Prob a R 1 (mod N) or i {0,, r 1} a 2iR 1 (mod N) 1 2 An RP algorithm A for a given problem is a randomized algorithm running in worstcase polynomial time such that (1) for every Yes instance Pr(A yields Yes) 1/2; (2) for every No instance Pr(A yields Yes) = 0 Hence: Theorem 54 The Miller-Rabin test is an RP algorithm for testing compositeness
CHAPTER 6. Prime Numbers. Definition and Fundamental Results
CHAPTER 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results 6.1. Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and the only positive divisors of p are 1 and p. If n
More informationThe Chinese Remainder Theorem
Chapter 5 The Chinese Remainder Theorem 5.1 Coprime moduli Theorem 5.1. Suppose m, n N, and gcd(m, n) = 1. Given any remainders r mod m and s mod n we can find N such that N r mod m and N s mod n. Moreover,
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the
More informationAn integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.
Chapter 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p. If n > 1
More informationECEN 5022 Cryptography
Elementary Algebra and Number Theory University of Colorado Spring 2008 Divisibility, Primes Definition. N denotes the set {1, 2, 3,...} of natural numbers and Z denotes the set of integers {..., 2, 1,
More informationA Few Primality Testing Algorithms
A Few Primality Testing Algorithms Donald Brower April 2, 2006 0.1 Introduction These notes will cover a few primality testing algorithms. There are many such, some prove that a number is prime, others
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively
More informationA SURVEY OF PRIMALITY TESTS
A SURVEY OF PRIMALITY TESTS STEFAN LANCE Abstract. In this paper, we show how modular arithmetic and Euler s totient function are applied to elementary number theory. In particular, we use only arithmetic
More informationChapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 9.1 Chapter 9 Objectives
More information2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.
CHAPTER 2 INTRODUCTION TO NUMBER THEORY ANSWERS TO QUESTIONS 2.1 A nonzero b is a divisor of a if a = mb for some m, where a, b, and m are integers. That is, b is a divisor of a if there is no remainder
More informationCorollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1
4. Primality testing 4.1. Introduction. Factorisation is concerned with the problem of developing efficient algorithms to express a given positive integer n > 1 as a product of powers of distinct primes.
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory
More informationLECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS
LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS 1. The Chinese Remainder Theorem We now seek to analyse the solubility of congruences by reinterpreting their solutions modulo a composite
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationNumber Theory and Group Theoryfor Public-Key Cryptography
Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography
More informationMathematics for Cryptography
Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1
More informationLecture 4: Number theory
Lecture 4: Number theory Rajat Mittal IIT Kanpur In the next few classes we will talk about the basics of number theory. Number theory studies the properties of natural numbers and is considered one of
More informationA Guide to Arithmetic
A Guide to Arithmetic Robin Chapman August 5, 1994 These notes give a very brief resumé of my number theory course. Proofs and examples are omitted. Any suggestions for improvements will be gratefully
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation
More informationInstructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test
Introduction to Algorithms (CS 482) Cornell University Instructor: Bobby Kleinberg Lecture Notes, 25 April 2008 The Miller-Rabin Randomized Primality Test 1 Introduction Primality testing is an important
More informationPart II. Number Theory. Year
Part II Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2017 Paper 3, Section I 1G 70 Explain what is meant by an Euler pseudoprime and a strong pseudoprime. Show that 65 is an Euler
More informationThe running time of Euclid s algorithm
The running time of Euclid s algorithm We analyze the worst-case running time of EUCLID as a function of the size of and Assume w.l.g. that 0 The overall running time of EUCLID is proportional to the number
More informationNotes on Systems of Linear Congruences
MATH 324 Summer 2012 Elementary Number Theory Notes on Systems of Linear Congruences In this note we will discuss systems of linear congruences where the moduli are all different. Definition. Given the
More informationNumber Theory and Algebra: A Brief Introduction
Number Theory and Algebra: A Brief Introduction Indian Statistical Institute Kolkata May 15, 2017 Elementary Number Theory: Modular Arithmetic Definition Let n be a positive integer and a and b two integers.
More informationMa/CS 6a Class 4: Primality Testing
Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Reminder: Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is
More informationNUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA
NUMBER THEORY Anwitaman DATTA SCSE, NTU Singapore Acknowledgement: The following lecture slides are based on, and uses material from the text book Cryptography and Network Security (various eds) by William
More informationSlides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006
Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Spring 2006 1 / 1 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 2.4 2.6 of Rosen Introduction I When talking
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationBasic Algorithms in Number Theory
Basic Algorithms in Number Theory Algorithmic Complexity... 1 Basic Algorithms in Number Theory Francesco Pappalardi Discrete Logs, Modular Square Roots & Euclidean Algorithm. July 20 th 2010 Basic Algorithms
More informationThis is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.
8 Modular Arithmetic We introduce an operator mod. Let d be a positive integer. For c a nonnegative integer, the value c mod d is the remainder when c is divided by d. For example, c mod d = 0 if and only
More informationLECTURE NOTES IN CRYPTOGRAPHY
1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic
More informationLARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).
LARGE PRIME NUMBERS 1. Fast Modular Exponentiation Given positive integers a, e, and n, the following algorithm quickly computes the reduced power a e % n. (Here x % n denotes the element of {0,, n 1}
More information2 More on Congruences
2 More on Congruences 2.1 Fermat s Theorem and Euler s Theorem definition 2.1 Let m be a positive integer. A set S = {x 0,x 1,,x m 1 x i Z} is called a complete residue system if x i x j (mod m) whenever
More information= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2
8. p-adic numbers 8.1. Motivation: Solving x 2 a (mod p n ). Take an odd prime p, and ( an) integer a coprime to p. Then, as we know, x 2 a (mod p) has a solution x Z iff = 1. In this case we can suppose
More informationIRREDUCIBILITY TESTS IN F p [T ]
IRREDUCIBILITY TESTS IN F p [T ] KEITH CONRAD 1. Introduction Let F p = Z/(p) be a field of prime order. We will discuss a few methods of checking if a polynomial f(t ) F p [T ] is irreducible that are
More informationOutline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m
Outline GCD and Euclid s Algorithm AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography Modulo Arithmetic Modular Exponentiation Discrete Logarithms
More informationOutline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms
AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography Instructor: Dr. Kun Sun Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation
More informationCongruence Classes. Number Theory Essentials. Modular Arithmetic Systems
Cryptography Introduction to Number Theory 1 Preview Integers Prime Numbers Modular Arithmetic Totient Function Euler's Theorem Fermat's Little Theorem Euclid's Algorithm 2 Introduction to Number Theory
More informationCryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1
Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:
More informationPublic Key Encryption
Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes -3, 0, 1, 6 are not primes Prime decomposition
More informationSome Facts from Number Theory
Computer Science 52 Some Facts from Number Theory Fall Semester, 2014 These notes are adapted from a document that was prepared for a different course several years ago. They may be helpful as a summary
More information1. Algebra 1.7. Prime numbers
1. ALGEBRA 30 1. Algebra 1.7. Prime numbers Definition Let n Z, with n 2. If n is not a prime number, then n is called a composite number. We look for a way to test if a given positive integer is prime
More information1 Overview and revision
MTH6128 Number Theory Notes 1 Spring 2018 1 Overview and revision In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 2: Mathematical Concepts Divisibility Congruence Quadratic Residues
More informationEuler s, Fermat s and Wilson s Theorems
Euler s, Fermat s and Wilson s Theorems R. C. Daileda February 17, 2018 1 Euler s Theorem Consider the following example. Example 1. Find the remainder when 3 103 is divided by 14. We begin by computing
More informationChapter 8. Introduction to Number Theory
Chapter 8 Introduction to Number Theory CRYPTOGRAPHY AND NETWORK SECURITY 1 Index 1. Prime Numbers 2. Fermat`s and Euler`s Theorems 3. Testing for Primality 4. Discrete Logarithms 2 Prime Numbers 3 Prime
More informationNumber Theory Alex X. Liu & Haipeng Dai
Number Theory Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University How to compute gcd(x,y) Observation: gcd(x,y) = gcd(x-y, y)
More informationIntroduction to Public-Key Cryptosystems:
Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationCSE 521: Design and Analysis of Algorithms I
CSE 521: Design and Analysis of Algorithms I Randomized Algorithms: Primality Testing Paul Beame 1 Randomized Algorithms QuickSelect and Quicksort Algorithms random choices make them fast and simple but
More information3 The fundamentals: Algorithms, the integers, and matrices
3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers
More informationChapter 5. Modular arithmetic. 5.1 The modular ring
Chapter 5 Modular arithmetic 5.1 The modular ring Definition 5.1. Suppose n N and x, y Z. Then we say that x, y are equivalent modulo n, and we write x y mod n if n x y. It is evident that equivalence
More informationNumbers. Çetin Kaya Koç Winter / 18
Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18 Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as
More informationAll variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.
Math 152, Problem Set 2 solutions (2018-01-24) All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points. 1. Let us look at the following equation: x 5 1
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We
More informationIntroduction to Number Theory
INTRODUCTION Definition: Natural Numbers, Integers Natural numbers: N={0,1,, }. Integers: Z={0,±1,±, }. Definition: Divisor If a Z can be writeen as a=bc where b, c Z, then we say a is divisible by b or,
More informationMath 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.
Math 324, Fall 2011 Assignment 7 Solutions Exercise 1. (a) Suppose a and b are both relatively prime to the positive integer n. If gcd(ord n a, ord n b) = 1, show ord n (ab) = ord n a ord n b. (b) Let
More informationCSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms
Computer Science CSC 474 Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography CSC 474 Dr. Peng Ning 1 Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation
More informationRSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality
ECE646 Lecture RSA Key Generation Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality A.Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography
More information2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?
Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative
More informationKnow the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.
The first exam will be on Monday, June 8, 202. The syllabus will be sections. and.2 in Lax, and the number theory handout found on the class web site, plus the handout on the method of successive squaring
More informationMATH 361: NUMBER THEORY FOURTH LECTURE
MATH 361: NUMBER THEORY FOURTH LECTURE 1. Introduction Everybody knows that three hours after 10:00, the time is 1:00. That is, everybody is familiar with modular arithmetic, the usual arithmetic of the
More informationMa/CS 6a Class 4: Primality Testing
Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Send anonymous suggestions and complaints from here. Email: adamcandobetter@gmail.com Password: anonymous2 There aren t enough crocodiles in the presentations
More informationThe primitive root theorem
The primitive root theorem Mar Steinberger First recall that if R is a ring, then a R is a unit if there exists b R with ab = ba = 1. The collection of all units in R is denoted R and forms a group under
More informationSOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,
SOLUTIONS TO PROBLEM SET 1 Section 1.3 Exercise 4. We see that 1 1 2 = 1 2, 1 1 2 + 1 2 3 = 2 3, 1 1 2 + 1 2 3 + 1 3 4 = 3 4, and is reasonable to conjecture n k=1 We will prove this formula by induction.
More informationFinite Fields. Mike Reiter
1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationNUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:
NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two operations defined on them, addition and multiplication,
More informationPREPARATION NOTES FOR NUMBER THEORY PRACTICE WED. OCT. 3,2012
PREPARATION NOTES FOR NUMBER THEORY PRACTICE WED. OCT. 3,2012 0.1. Basic Num. Th. Techniques/Theorems/Terms. Modular arithmetic, Chinese Remainder Theorem, Little Fermat, Euler, Wilson, totient, Euclidean
More informationDiscrete Mathematics with Applications MATH236
Discrete Mathematics with Applications MATH236 Dr. Hung P. Tong-Viet School of Mathematics, Statistics and Computer Science University of KwaZulu-Natal Pietermaritzburg Campus Semester 1, 2013 Tong-Viet
More informationLecture 14: Hardness Assumptions
CSE 594 : Modern Cryptography 03/23/2017 Lecture 14: Hardness Assumptions Instructor: Omkant Pandey Scribe: Hyungjoon Koo, Parkavi Sundaresan 1 Modular Arithmetic Let N and R be set of natural and real
More informationCS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II
CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA
More informationCryptography: Joining the RSA Cryptosystem
Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Joining the RSA Cryptosystem: Overview First,
More information7. Prime Numbers Part VI of PJE
7. Prime Numbers Part VI of PJE 7.1 Definition (p.277) A positive integer n is prime when n > 1 and the only divisors are ±1 and +n. That is D (n) = { n 1 1 n}. Otherwise n > 1 is said to be composite.
More informationA polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem
A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem Grzegorz Herman and Michael Soltys November 24, 2008 Abstract Although a deterministic polytime algorithm for
More informationElementary Number Theory Review. Franz Luef
Elementary Number Theory Review Principle of Induction Principle of Induction Suppose we have a sequence of mathematical statements P(1), P(2),... such that (a) P(1) is true. (b) If P(k) is true, then
More informationFactoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.
Factoring Algorithms Pollard s p 1 Method This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors. Input: n (to factor) and a limit B Output: a proper factor of
More information4 Number Theory and Cryptography
4 Number Theory and Cryptography 4.1 Divisibility and Modular Arithmetic This section introduces the basics of number theory number theory is the part of mathematics involving integers and their properties.
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationSummary Slides for MATH 342 June 25, 2018
Summary Slides for MATH 342 June 25, 2018 Summary slides based on Elementary Number Theory and its applications by Kenneth Rosen and The Theory of Numbers by Ivan Niven, Herbert Zuckerman, and Hugh Montgomery.
More informationThe Chinese Remainder Theorem
Sacred Heart University DigitalCommons@SHU Academic Festival Apr 20th, 9:30 AM - 10:45 AM The Chinese Remainder Theorem Nancirose Piazza Follow this and additional works at: http://digitalcommons.sacredheart.edu/acadfest
More informationCongruences and Residue Class Rings
Congruences and Residue Class Rings (Chapter 2 of J. A. Buchmann, Introduction to Cryptography, 2nd Ed., 2004) Shoichi Hirose Faculty of Engineering, University of Fukui S. Hirose (U. Fukui) Congruences
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More informationNumber Theory Proof Portfolio
Number Theory Proof Portfolio Jordan Rock May 12, 2015 This portfolio is a collection of Number Theory proofs and problems done by Jordan Rock in the Spring of 2014. The problems are organized first by
More informationPart IA Numbers and Sets
Part IA Numbers and Sets Definitions Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)
More informationA. Algebra and Number Theory
A. Algebra and Number Theory Public-key cryptosystems are based on modular arithmetic. In this section, we summarize the concepts and results from algebra and number theory which are necessary for an understanding
More informationa = mq + r where 0 r m 1.
8. Euler ϕ-function We have already seen that Z m, the set of equivalence classes of the integers modulo m, is naturally a ring. Now we will start to derive some interesting consequences in number theory.
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationNumber Theory Solutions Packet
Number Theory Solutions Pacet 1 There exist two distinct positive integers, both of which are divisors of 10 10, with sum equal to 157 What are they? Solution Suppose 157 = x + y for x and y divisors of
More informationLecture 6: Deterministic Primality Testing
Lecture 6: Deterministic Primality Testing Topics in Pseudorandomness and Complexity (Spring 018) Rutgers University Swastik Kopparty Scribe: Justin Semonsen, Nikolas Melissaris 1 Introduction The AKS
More informationDefinition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively
6 Prime Numbers Part VI of PJE 6.1 Fundamental Results Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively D (p) = { p 1 1 p}. Otherwise
More information1. multiplication is commutative and associative;
Chapter 4 The Arithmetic of Z In this chapter, we start by introducing the concept of congruences; these are used in our proof (going back to Gauss 1 ) that every integer has a unique prime factorization.
More informationTHE MILLER RABIN TEST
THE MILLER RABIN TEST KEITH CONRAD 1. Introduction The Miller Rabin test is the most widely used probabilistic primality test. For odd composite n > 1 at least 75% of numbers from to 1 to n 1 are witnesses
More information2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?
Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative
More informationPart IA Numbers and Sets
Part IA Numbers and Sets Theorems Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)
More informationCOMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory
COMS W4995 Introduction to Cryptography September 29, 2005 Lecture 8: Number Theory Lecturer: Tal Malkin Scribes: Elli Androulaki, Mohit Vazirani Summary This lecture focuses on some basic Number Theory.
More informationMATH 145 Algebra, Solutions to Assignment 4
MATH 145 Algebra, Solutions to Assignment 4 1: a) Find the inverse of 178 in Z 365. Solution: We find s and t so that 178s + 365t = 1, and then 178 1 = s. The Euclidean Algorithm gives 365 = 178 + 9 178
More information